diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2014-01-23 17:02:30 +0000 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2014-01-23 17:02:30 +0000 |
commit | 76e4f83fc6c68cfe319df5cad0ab7e65cd6eb4e9 (patch) | |
tree | 24c6fbbffc55b54b1abae1f5fff91ee4d879a7fa /winsup | |
parent | 6485b9c27420c971d7fbc20acf841bd8f519e84f (diff) | |
download | newlib-76e4f83fc6c68cfe319df5cad0ab7e65cd6eb4e9.zip newlib-76e4f83fc6c68cfe319df5cad0ab7e65cd6eb4e9.tar.gz newlib-76e4f83fc6c68cfe319df5cad0ab7e65cd6eb4e9.tar.bz2 |
* security.h (open_local_policy): Remove declaration.
(lsa_open_policy): Declare.
(lsa_close_policy): Declare.
* sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take
server name as parameter. Return NULL in case of error, rather than
INVALID_HANDLE_VALUE.
(lsa_close_policy): Rename from close_local_policy. Make externally
available. Get handle by value.
(create_token): Convert call to open_local_policy/close_local_policy
according to aforementioned changes.
(lsaauth): Ditto.
(lsaprivkeyauth): Ditto.
* setlsapwd.cc (setlsapwd): Ditto.
Diffstat (limited to 'winsup')
-rw-r--r-- | winsup/cygwin/ChangeLog | 16 | ||||
-rw-r--r-- | winsup/cygwin/sec_auth.cc | 41 | ||||
-rw-r--r-- | winsup/cygwin/security.h | 5 | ||||
-rw-r--r-- | winsup/cygwin/setlsapwd.cc | 7 |
4 files changed, 44 insertions, 25 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index fcfe757..c79b6bf 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,19 @@ +2014-01-23 Corinna Vinschen <corinna@vinschen.de> + + * security.h (open_local_policy): Remove declaration. + (lsa_open_policy): Declare. + (lsa_close_policy): Declare. + * sec_auth.cc (lsa_open_policy): Rename from open_local_policy. Take + server name as parameter. Return NULL in case of error, rather than + INVALID_HANDLE_VALUE. + (lsa_close_policy): Rename from close_local_policy. Make externally + available. Get handle by value. + (create_token): Convert call to open_local_policy/close_local_policy + according to aforementioned changes. + (lsaauth): Ditto. + (lsaprivkeyauth): Ditto. + * setlsapwd.cc (setlsapwd): Ditto. + 2014-01-22 Corinna Vinschen <corinna@vinschen.de> * path.cc (etc::test_file_change): In case of NtQueryFullAttributesFile diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index d6f3bb5..dfec53c 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc @@ -1,7 +1,7 @@ /* sec_auth.cc: NT authentication functions Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - 2008, 2009, 2010, 2011, 2012, 2013 Red Hat, Inc. + 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc. This file is part of Cygwin. @@ -191,28 +191,32 @@ str2buf2lsa (LSA_STRING &tgt, char *buf, const char *srcstr) } HANDLE -open_local_policy (ACCESS_MASK access) +lsa_open_policy (PWCHAR server, ACCESS_MASK access) { - LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 }; - HANDLE lsa = INVALID_HANDLE_VALUE; + LSA_UNICODE_STRING srvbuf; + PLSA_UNICODE_STRING srv = NULL; + static LSA_OBJECT_ATTRIBUTES oa = { 0, 0, 0, 0, 0, 0 }; + HANDLE lsa; - NTSTATUS status = LsaOpenPolicy (NULL, &oa, access, &lsa); + if (server) + { + srv = &srvbuf; + RtlInitUnicodeString (srv, server); + } + NTSTATUS status = LsaOpenPolicy (srv, &oa, access, &lsa); if (!NT_SUCCESS (status)) { __seterrno_from_nt_status (status); - /* Some versions of Windows set the lsa handle to NULL when - LsaOpenPolicy fails. */ - lsa = INVALID_HANDLE_VALUE; + lsa = NULL; } return lsa; } -static void -close_local_policy (LSA_HANDLE &lsa) +void +lsa_close_policy (HANDLE lsa) { - if (lsa != INVALID_HANDLE_VALUE) + if (lsa) LsaClose (lsa); - lsa = INVALID_HANDLE_VALUE; } bool @@ -836,7 +840,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw) push_self_privilege (SE_CREATE_TOKEN_PRIVILEGE, true); /* Open policy object. */ - if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE))) goto out; /* User, owner, primary group. */ @@ -954,7 +958,7 @@ out: free (privs); if (my_tok_gsids) free (my_tok_gsids); - close_local_policy (lsa); + lsa_close_policy (lsa); debug_printf ("%p = create_token ()", primary_token); return primary_token; @@ -1021,7 +1025,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) } /* Open policy object. */ - if ((lsa = open_local_policy (POLICY_EXECUTE)) == INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_EXECUTE))) goto out; /* Create origin. */ @@ -1192,7 +1196,7 @@ lsaauth (cygsid &usersid, user_groups &new_groups, struct passwd *pw) out: if (privs) free (privs); - close_local_policy (lsa); + lsa_close_policy (lsa); if (lsa_hdl) LsaDeregisterLogonProcess (lsa_hdl); pop_self_privilege (); @@ -1220,8 +1224,7 @@ lsaprivkeyauth (struct passwd *pw) push_self_privilege (SE_TCB_PRIVILEGE, true); /* Open policy object. */ - if ((lsa = open_local_policy (POLICY_GET_PRIVATE_INFORMATION)) - == INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_GET_PRIVATE_INFORMATION))) goto out; /* Needed for Interix key and LogonUser. */ @@ -1263,7 +1266,7 @@ lsaprivkeyauth (struct passwd *pw) token = get_full_privileged_inheritable_token (token); out: - close_local_policy (lsa); + lsa_close_policy (lsa); pop_self_privilege (); return token; } diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index ca0239b..940afc5 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -1,7 +1,7 @@ /* security.h: security declarations Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, - 2011, 2012, 2013 Red Hat, Inc. + 2011, 2012, 2013, 2014 Red Hat, Inc. This file is part of Cygwin. @@ -416,7 +416,8 @@ void extract_nt_dom_user (const struct passwd *pw, PWCHAR domain, PWCHAR user); /* Get default logonserver for a domain. */ bool get_logon_server (PWCHAR domain, PWCHAR wserver, bool rediscovery); -HANDLE open_local_policy (ACCESS_MASK access); +HANDLE lsa_open_policy (PWCHAR server, ACCESS_MASK access); +void lsa_close_policy (HANDLE lsa); /* sec_helper.cc: Security helper functions. */ int set_privilege (HANDLE token, DWORD privilege, bool enable); diff --git a/winsup/cygwin/setlsapwd.cc b/winsup/cygwin/setlsapwd.cc index 8e1baa9..e86696b 100644 --- a/winsup/cygwin/setlsapwd.cc +++ b/winsup/cygwin/setlsapwd.cc @@ -1,6 +1,6 @@ /* setlsapwd.cc: Set LSA private data password for current user. - Copyright 2008, 2009, 2011 Red Hat, Inc. + Copyright 2008, 2009, 2011, 2014 Red Hat, Inc. This file is part of Cygwin. @@ -71,8 +71,7 @@ setlsapwd (const char *passwd, const char *username) if (data_buf) RtlInitUnicodeString (&data, data_buf); /* First try it locally. Works for admin accounts. */ - if ((lsa = open_local_policy (POLICY_CREATE_SECRET)) - != INVALID_HANDLE_VALUE) + if (!(lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET))) { NTSTATUS status = LsaStorePrivateData (lsa, &key, data.Length ? &data : NULL); @@ -83,7 +82,7 @@ setlsapwd (const char *passwd, const char *username) ret = 0; else __seterrno_from_nt_status (status); - LsaClose (lsa); + lsa_close_policy (lsa); } else if (ret && !username) { |